Newsgroups: php.internals
From: cschneid@cschneid.com (Christian Schneider)
To: Gareth Ardron
Cc: internals@lists.php.net
Date: Wed, 29 Oct 2003 01:09:13 +0100
Subject: Re: header() behaviour

Gareth Ardron wrote:
> $var = "foo=1&bar=2";

To clarify: You should use
$var = "foo=1&bar=2";
and then $var for header() but htmlspecialchars($var) for your href:
- HTTP-Headers must not be html-encoded.
- HTML-Attributes on the other hand have to be html-encoded.

Even though most browsers work with hrefs without html-encoding and some browsers might understand & in HTTP-Headers, this is not conforming to the standards.

- Chris
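
The rule from the message above, as an added example that is not part of the original post: one URL is built once and then encoded per output context. The helper names (`build_url`, `href_attr`, `location_header`) and the path `/page.php` are hypothetical.

```php
<?php
// Added example; function names, path and parameter values are constructed.

// Build the URL once. The separator is passed explicitly as a plain "&",
// because the arg_separator.output ini setting may be configured as "&amp;",
// which would put HTML entities into a string that is a URL, not HTML.
function build_url(string $path, array $params): string
{
    return $path . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

// HTML attribute context: entity-encode the finished URL, so the "&"
// separator is written as "&amp;" and quotes cannot end the attribute.
function href_attr(string $url): string
{
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// HTTP header context: the URL is sent as-is, never HTML-encoded.
// The only check here is for line breaks and NUL bytes, which have no
// place in a single header value.
function location_header(string $url): string
{
    if (preg_match('/[\r\n\0]/', $url)) {
        throw new InvalidArgumentException('control character in header value');
    }
    return 'Location: ' . $url;
}

// A value containing both a double quote and an ampersand shows the two
// layers: URL-encoding of the value, then HTML-encoding only for the href.
$url = build_url('/page.php', ['foo' => 1, 'bar' => 'a"b&c']);

// Header: raw URL.
echo location_header($url), "\n";

// Link: same URL, HTML-encoded for the attribute.
echo '<a href="', href_attr($url), '">link</a>', "\n";

// In a real response the header line would be sent with:
// header(location_header($url));
```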